Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

By Vadim Freger, Dolev Moshe Attiya On December 7th, 2023, the Apache Struts project disclosed a critical vulnerability (CVSS score 9.8) in its Struts 2 open-source web framework. The vulnerability resides in the flawed file upload logic and allows attackers to manipulate upload parameters, resulting in arbitrary file upload and code execution under certain conditions. There is no known workaround, and the only solution is to upgrade to the latest versions, the affected versions being.

Consider this: By the end of 2024, Gartner has projected that over 40% of enterprises will have explicit strategies in place for SASE adoption compared to just 1% in 2018. As the “poster child” of SASE (Forrester Research’s words not mine), Cato has seen first-hand SASE’s incredible growth not just in adoption by organizations of all sizes, but also in terms of third-party vendor requests to integrate Cato SASE Cloud into their software.

Enterprises in the private sector look to the US federal government for cybersecurity best practices. The US CISA (Cybersecurity & Infrastructure Security Agency) issues orders and directives to patch existing products or avoid use of others. The US NIST (National Institute of Standards and Technology) publishes important documents providing detailed guidance on various security topics such as its Cybersecurity Framework (CSF).

New applications emerge at an almost impossible to keep-up-with pace, creating a constant challenge and blind spot for IT and security teams in the form of Shadow IT. Organizations must keep up by using tools that are automatically updated with latest developments and changes in the applications landscape to maintain proper security. An integral part of any SASE product is its ability to accurately categorize and map user traffic to the actual application being used.

In the ever-evolving landscape of cybersecurity, the line between the defenders and attackers often blurs, with skills transferable across both arenas. It’s a narrative not unfamiliar to many in the cybersecurity community: the journey from black hat to white hat, from outlaw to protector. In the 15th episode of Cato Networks’ Cyber Security Master Class, hosted by Etay Maor, Senior Director of Security Strategy, we had the privilege of witnessing such a transformative story unfold.

My new favorite company took center stage in iconic New York Times Square today with a multi-story high 3D visualization of our revolutionary secure access service edge (SASE) platform. It’s positively mesmerizing, take a look: The move signals a seismic shift happening across enterprises, the need to have an IT infrastructure that can easily adapt to anything at any time, and the transformative power of Cato’s networking and security platform.

The nature of the modern digital business is constantly and rapidly evolving, requiring network and security architectures to move at the same speed. Moving at the speed of business demands a new architecture that is agile, flexible, highly scalable, and very secure to keep pace with dynamic business changes. In short, this requires SASE.

All secured webservers are alike; each vulnerable webserver running on a network appliance is vulnerable in its own way. On October 16th 2023 Cisco published a security advisory detailing an actively exploited vulnerability (CVE-2023-20198) in its IOS XE operating system with a 10 CVSS score, allowing for unauthenticated privilege escalation and subsequent full administrative access (level 15 in Cisco terminology) to the vulnerable device.

Modern enterprise complexity is challenging cybersecurity programs. With the widespread adoption of cloud services and remote work, and the broadening distribution of applications and employees away from traditional corporate locations, organizations require a more flexible and scalable approach to network security. SASE technology can help address these issues, making SASE adoption a goal for many organizations worldwide. But adoption paths can vary widely.

According to a recent Yerbo survey, 40% of IT professionals are at high risk of burnout. In fact, and perhaps even more alarming, 42% of them plan to quit their company in the next six months. And yet, according to Deloitte, 70% of professionals across all industries feel their employers are not doing enough to prevent or alleviate burnout. CIOs should take this statistic seriously.